package cn.cloudreal.cbms.common.filter;

import java.io.IOException;
import java.util.List;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import cn.cloudreal.cbms.common.util.Constants;
import cn.cloudreal.cbms.common.util.StringUtils;

/**
 * <p>
 * Title: CRBT
 * </p>
 * <p>
 * Description:用户访问认证的过滤器
 * </p>
 * <p>
 * Copyright: Copyright (c) 2010
 * </p>
 * <p>
 * Company:云恒瑞通
 * </p>
 * 
 * @author gaoxuejiao
 * @date 2012-1-30
 */
public class UserSignFilter implements Filter
{
    /**
     * 日志工具类实例
     */
    private static final Logger log = Logger.getLogger(UserSignFilter.class);

    /**
     * 不过滤的路径
     */
    private String excludedUrl = null;

    /**
     * 不要做Filter操作的页面
     */
    private List<String> urlList = null;

    /**
     * 未登录时迁移的页面
     */
    private String initUrl = null;

    /**
     * 过滤器配置
     */
    private FilterConfig filterConfig = null;

    /**
     * 用户访问认证过滤器的销毁
     */
    public void destroy()
    {
        this.filterConfig = null;
    }

    /**
     * 用户访问认证过滤器的过滤处理
     * 
     * @param request
     *            ServletRequest
     * @param response
     *            ServletResponse
     * @param chain
     *            FilterChain
     * @throws IOException
     *             IOException
     * @throws ServletException
     *             ServletException
     */
    public void doFilter(ServletRequest request,
            ServletResponse response,
            FilterChain chain) throws IOException, ServletException
    {
		// 客户端请求
		HttpServletRequest httpRequest = (HttpServletRequest) request;

		// 获取session
		HttpSession session = httpRequest.getSession();

		// 服务端响应
		HttpServletResponse httpResponse = (HttpServletResponse) response;

		// 用户对象
		Object sessionkey = session.getAttribute(Constants.SESSIONPRKEY);

		// 是否登录
		boolean isLogin = false;

		if (sessionkey != null) {
			isLogin = true;
		}

		// 获取url
		String url = StringUtils.clearUrl(httpRequest.getRequestURI());

		// 不过滤标志
		boolean excludFlag = false;

		if (urlList != null && urlList.contains(url)) {
			excludFlag = true;
		}

		// 进行过滤处理
		if (isLogin || excludFlag) {
			if (null != chain) {
				chain.doFilter(request, response);
			}
		} else {
			log.debug("拦截一个未认证的请求:" + url);
			httpResponse.sendRedirect(initUrl);
		}
    }

    /**
     * 用户访问认证过滤器初始化
     * 
     * @param config
     *            FilterConfig
     * @throws ServletException
     *             ServletException
     */
    public void init(FilterConfig config) throws ServletException
    {
        this.filterConfig = config;

        // 不过滤的路径
        excludedUrl = filterConfig.getInitParameter("excluded-url");
        initUrl = filterConfig.getInitParameter("init-url");

        if (null == excludedUrl)
        {
            throw new ServletException("Filter initialized parameter(session-key or timeout-url "
                    + "or excluded-url) not configured properly.");
        }

        // 不做Filter操作的路径
        urlList = StringUtils.tokenizeToList(excludedUrl, ",; \t\n");
    }

}
